Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2004-0940

CVE information

Published

17 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error..

CVSSv2.0 Score

Severity
Medium
Base Score
6.9/10
Exploit Score
3.4/10
Access Vector
Local
Access Complexity
Medium
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:slackware:slackware_linux:8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  Yes
- -